Board: Development & Technical Discussion
Re: Game theory involving Quantum Resistance protocol
by achow101 on 24/10/2019, 04:01:09 UTC
⭐ Merited by Carlton Banks (3) ,Welsh (2) ,ETFbitcoin (1)
So, the spending pubkey is actually redefined as a key internal to the taproot script, and the pubkey for the overall taproot script tree is the "real" pubkey, as it is now the key that's actually publicly available! The whole notion of what public key means is therefore not the same in taproot outputs...phew!

Anyone have any idea if this has any implications for QC resistance? My instinct is to say that the internal key is never revealed, because the taproot magic keeps it forever hidden. I expect to be wrong
No, that's wrong.

The public key you see in a taproot output is still a public key. It has a discrete logarithm (aka a private key) and anyone who is able to find it will be able to spend the coins regardless of any internal pubkey or script. The private key for a taproot pubkey (assuming a script) is the private key of the internal key + the hash of the script. The public key itself is computed by the sum of the internal pubkey and the "pubkey" of the hash of the script (i.e. multiply the hash by the curve generator).

For QC resistance and why hashing doesn't matter, see: https://bitcoin.stackexchange.com/questions/91049/why-does-hashing-public-keys-not-actually-provide-any-quantum-resistance